* [gentoo-hardened] distcc and mixed hardened/vanilla toolchains @ 2006-05-19 15:50 Jonathat Skanes 2006-05-20 2:01 ` Russ Gray 2006-05-22 19:01 ` Kevin F. Quinn 0 siblings, 2 replies; 6+ messages in thread From: Jonathat Skanes @ 2006-05-19 15:50 UTC (permalink / raw To: gentoo-hardened Hi all, My environment is mainly hardened. However, I have a couple boxen that aren't such as my laptop. Can I use this hardened environment for emerge using distcc from the non hardened machines? If so, do i change the gcc profile on the hardened machines to vanilla before emerging? What else do I have to be aware of? Thanks, Jon -- gentoo-hardened@gentoo.org mailing list ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [gentoo-hardened] distcc and mixed hardened/vanilla toolchains 2006-05-19 15:50 [gentoo-hardened] distcc and mixed hardened/vanilla toolchains Jonathat Skanes @ 2006-05-20 2:01 ` Russ Gray 2006-05-22 19:01 ` Kevin F. Quinn 1 sibling, 0 replies; 6+ messages in thread From: Russ Gray @ 2006-05-20 2:01 UTC (permalink / raw To: gentoo-hardened As far as I'm aware, no, you can't use distcc with vanilla and hardened versions interchangebly without producing broken code On 5/19/06, Jonathat Skanes <jon@skanes.ca> wrote: > Hi all, > > My environment is mainly hardened. However, I have a couple boxen that aren't > such as my laptop. > > Can I use this hardened environment for emerge using distcc from the non > hardened machines? If so, do i change the gcc profile on the hardened > machines to vanilla before emerging? What else do I have to be aware of? > > Thanks, > Jon > -- > gentoo-hardened@gentoo.org mailing list > > -- gentoo-hardened@gentoo.org mailing list ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [gentoo-hardened] distcc and mixed hardened/vanilla toolchains 2006-05-19 15:50 [gentoo-hardened] distcc and mixed hardened/vanilla toolchains Jonathat Skanes 2006-05-20 2:01 ` Russ Gray @ 2006-05-22 19:01 ` Kevin F. Quinn 2006-05-28 4:24 ` Jonathan Skanes 1 sibling, 1 reply; 6+ messages in thread From: Kevin F. Quinn @ 2006-05-22 19:01 UTC (permalink / raw To: gentoo-hardened [-- Attachment #1: Type: text/plain, Size: 746 bytes --] On Fri, 19 May 2006 13:20:46 -0230 Jonathat Skanes <jon@skanes.ca> wrote: > My environment is mainly hardened. However, I have a couple boxen > that aren't such as my laptop. > > Can I use this hardened environment for emerge using distcc from the > non hardened machines? Not as it currently stands, no. Well, it'll do something, but the results will be unreliable, to put it mildly. > If so, do i change the gcc profile on the > hardened machines to vanilla before emerging? That's the only way that will work with distcc. Another option would have been to add '-specs=vanilla.specs' to CFLAGS, but distcc will reject it (it's a bit tricky to support). > What else do I have to be aware of? -- Kevin F. Quinn [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 191 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [gentoo-hardened] distcc and mixed hardened/vanilla toolchains 2006-05-22 19:01 ` Kevin F. Quinn @ 2006-05-28 4:24 ` Jonathan Skanes 2006-05-28 8:52 ` Kevin F. Quinn 0 siblings, 1 reply; 6+ messages in thread From: Jonathan Skanes @ 2006-05-28 4:24 UTC (permalink / raw To: gentoo-hardened On May 22, 2006 16:31, Kevin F. Quinn wrote: > > If so, do i change the gcc profile on the > > hardened machines to vanilla before emerging? > > That's the only way that will work with distcc. Another option would > have been to add '-specs=vanilla.specs' to CFLAGS, but distcc will > reject it (it's a bit tricky to support). OK, this being so, can I have the discc init.d script select a profile and update the environment before running distcc and have it retain the changes? If so, it should be possible to run a couple distcc invocations on different ports to support the different profiles. This would be fabulous as then I can configure the distcc client to choose the right spec based on distcc port number. Jon -- gentoo-hardened@gentoo.org mailing list ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [gentoo-hardened] distcc and mixed hardened/vanilla toolchains 2006-05-28 4:24 ` Jonathan Skanes @ 2006-05-28 8:52 ` Kevin F. Quinn 2006-06-01 4:34 ` [gentoo-hardened] [solved] was: " Jonathan Skanes 0 siblings, 1 reply; 6+ messages in thread From: Kevin F. Quinn @ 2006-05-28 8:52 UTC (permalink / raw To: gentoo-hardened [-- Attachment #1: Type: text/plain, Size: 1324 bytes --] On Sun, 28 May 2006 01:54:22 -0230 Jonathan Skanes <jon@skanes.ca> wrote: > On May 22, 2006 16:31, Kevin F. Quinn wrote: > > > > If so, do i change the gcc profile on the > > > hardened machines to vanilla before emerging? > > > > That's the only way that will work with distcc. Another option > > would have been to add '-specs=vanilla.specs' to CFLAGS, but distcc > > will reject it (it's a bit tricky to support). > > OK, this being so, can I have the discc init.d script select a > profile and update the environment before running distcc and have it > retain the changes? If so, it should be possible to run a couple > distcc invocations on different ports to support the different > profiles. This would be fabulous as then I can configure the distcc > client to choose the right spec based on distcc port number. Should be simple enough. The only environment thing that matters however is the environment variable GCC_SPECS so you don't need to go switching the system profile all the time. I suggest copying the distccd init.d and conf.d scripts to (say) distccdh. Set the port number in conf.d/distccdh and set GCC_SPECS in init.d/distccdh; probably best to add a line 'export GCC_SPECS="hardened.specs"' before distccd is run. Then just start distccdh. -- Kevin F. Quinn [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 191 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [gentoo-hardened] [solved] was: distcc and mixed hardened/vanilla toolchains 2006-05-28 8:52 ` Kevin F. Quinn @ 2006-06-01 4:34 ` Jonathan Skanes 0 siblings, 0 replies; 6+ messages in thread From: Jonathan Skanes @ 2006-06-01 4:34 UTC (permalink / raw To: gentoo-hardened [-- Attachment #1: Type: text/plain, Size: 1861 bytes --] Hi Everyone, I've modified the stock distccd init.d and conf.d scripts to launch vanilla and hardened gcc profiles on different ports. In my example, vanilla runs on the standard port and hardened runs on standard port +1. The config script should be self explanatory. On the hardened clients the distcc hosts file would look like this: host1:3633 host2:3633 [...] The gcc profile set with gcc-config, in the environment the distccd init script is started in, will be used. Jon On Sunday 28 May 2006 06:22, Kevin F. Quinn wrote: > On Sun, 28 May 2006 01:54:22 -0230 > > Jonathan Skanes <jon@skanes.ca> wrote: > > On May 22, 2006 16:31, Kevin F. Quinn wrote: > > > > If so, do i change the gcc profile on the > > > > hardened machines to vanilla before emerging? > > > > > > That's the only way that will work with distcc. Another option > > > would have been to add '-specs=vanilla.specs' to CFLAGS, but distcc > > > will reject it (it's a bit tricky to support). > > > > OK, this being so, can I have the discc init.d script select a > > profile and update the environment before running distcc and have it > > retain the changes? If so, it should be possible to run a couple > > distcc invocations on different ports to support the different > > profiles. This would be fabulous as then I can configure the distcc > > client to choose the right spec based on distcc port number. > > Should be simple enough. The only environment thing that matters > however is the environment variable GCC_SPECS so you don't need to go > switching the system profile all the time. > > I suggest copying the distccd init.d and conf.d scripts to (say) > distccdh. Set the port number in conf.d/distccdh and set GCC_SPECS in > init.d/distccdh; probably best to add a line 'export > GCC_SPECS="hardened.specs"' before distccd is run. Then just start > distccdh. [-- Attachment #2: distccd --] [-- Type: text/plain, Size: 2017 bytes --] #!/sbin/runscript # $Header: /var/cvsroot/gentoo-x86/sys-devel/distcc/files/2.18/init,v 1.1 2004/10/12 17:21:43 lisa Exp $ # Modified by Jon Skanes <jon@skanes.ca> for serving # vanilla and hardened gcc profiles together. depend() { need net use ypbind } start-vanilla() { [ -e "${DISTCCD_VANILLA_PIDFILE}" ] && rm -f ${DISTCCD_VANILLA_PIDFILE} &>/dev/null ebegin "Starting vanilla distccd" chown distcc `dirname ${DISTCCD_VANILLA_PIDFILE}` &>/dev/null TMPDIR="${TMPDIR}" \ PATH="$(gcc-config --get-bin-path):${PATH}" \ export GCC_SPECS="$(gcc-config --get-lib-path)/vanilla.specs" /sbin/start-stop-daemon --start --quiet --startas ${DISTCCD_EXEC} \ --pidfile ${DISTCCD_VANILLA_PIDFILE} -- \ --pid-file ${DISTCCD_VANILLA_PIDFILE} -N ${DISTCCD_VANILLA_NICE} --user distcc --port ${DISTCCD_VANILLA_PORT} \ ${DISTCCD_OPTS} ${DISTCCD_VANILLA_OPTS} eend $? } start-hardened() { [ -e "${DISTCCD_HARDENED_PIDFILE}" ] && rm -f ${DISTCCD_HARDENED_PIDFILE} &>/dev/null ebegin "Starting hardened distccd" chown distcc `dirname ${DISTCCD_HARDENED_PIDFILE}` &>/dev/null TMPDIR="${TMPDIR}" \ PATH="$(gcc-config --get-bin-path):${PATH}" \ export GCC_SPECS="$(gcc-config --get-lib-path)/hardened.specs" /sbin/start-stop-daemon --start --quiet --startas ${DISTCCD_EXEC} \ --pidfile ${DISTCCD_HARDENED_PIDFILE} -- \ --pid-file ${DISTCCD_HARDENED_PIDFILE} -N ${DISTCCD_HARDENED_NICE} --user distcc --port ${DISTCCD_HARDENED_PORT} \ ${DISTCCD_OPTS} ${DISTCCD_HARDENED_OPTS} eend $? } stop-vanilla() { ebegin "Stopping vanilla distccd" start-stop-daemon --stop --quiet --pidfile "${DISTCCD_VANILLA_PIDFILE}" rm -f "${DISTCCD_VANILLA_PIDFILE}" eend $? } stop-hardened() { ebegin "Stopping hardened distccd" start-stop-daemon --stop --quiet --pidfile "${DISTCCD_HARDENED_PIDFILE}" rm -f "${DISTCCD_HARDENED_PIDFILE}" eend $? } start() { ebegin "Starting distccd" start-vanilla start-hardened eend $? } stop() { ebegin "Stopping distccd" stop-vanilla stop-hardened eend $? } ### END ### [-- Attachment #3: distccd --] [-- Type: text/plain, Size: 1622 bytes --] # /etc/conf.d/distccd: config file for /etc/init.d/distccd # Modified by Jon Skanes <jon@skanes.ca> for serving # vanilla and hardened gcc profiles together. # General options for all distccd processes. DISTCCD_OPTS="--daemon" # Individual options for vanilla/hardened DISTCCD_VANILLA_OPTS="" DISTCCD_HARDENED_OPTS="" # this is the distccd executable DISTCCD_EXEC="/usr/bin/distccd" # this is where distccd will store its pid files DISTCCD_VANILLA_PIDFILE="/var/run/distccd/distccd-vanilla.pid" DISTCCD_HARDENED_PIDFILE="/var/run/distccd/distccd-hardened.pid" # Default start port is 3632. # For most people the default is okay. DISTCCD_VANILLA_PORT="3632" DISTCCD_HARDENED_PORT="3633" # Logging # You can change some logging options here: # --log-file FILE # --log-level LEVEL [critical,error,warning, notice, info, debug] # # Leaving --log-file blank will log to syslog # example: --log-file /dev/null --log-level warning # example: --log-level critical DISTCCD_OPTS="${DISTCCD_OPTS} --log-level error" # SECURITY NOTICE: # It is HIGHLY recomended that you use the --listen option # for increased security. You can specify an IP to permit connections # from or a CIDR mask # --listen accepts only a single IP # --allow is now mandatory as of distcc-2.18. # example: --allow 192.168.0.0/24 # example: --allow 192.168.0.5 --allow 192.168.0.150 # example: --listen 192.168.0.2 DISTCCD_OPTS="${DISTCCD_OPTS} --allow 192.168.0.0/24 --allow 127.0.0.1" #DISTCCD_OPTS="${DISTCCD_OPTS} --listen 192.168.0.2" # set this for niceness # Default is 15 DISTCCD_VANILLA_NICE="15" DISTCCD_HARDENED_NICE="15" ### END ### ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2006-06-01 4:38 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2006-05-19 15:50 [gentoo-hardened] distcc and mixed hardened/vanilla toolchains Jonathat Skanes 2006-05-20 2:01 ` Russ Gray 2006-05-22 19:01 ` Kevin F. Quinn 2006-05-28 4:24 ` Jonathan Skanes 2006-05-28 8:52 ` Kevin F. Quinn 2006-06-01 4:34 ` [gentoo-hardened] [solved] was: " Jonathan Skanes
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox